
Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

While that is true, the default Windows config doesn't allow for remote exploitation. A user/admin would need to deliberately open up a system to be vulnerable, which no one is foolish/stupid enough to do, effectively making physical access a requirement.

If that were true, things like privilege escalation exploits wouldn't exist. The truth is, if someone wants your data, they will get it. No matter where it is. At home, a data center, your phone. The web is fundamentally insecure.

The security that most of us have is that we are simply not interesting enough or profitable enough to target as individuals. That is why corporations and data centers are the target. You can bury your head in the sand all you want but it doesn't change anything.
 
If that were true, things like privilege escalation exploits wouldn't exist. The truth is, if someone wants your data, they will get it. No matter where it is. At home, a data center, your phone. The web is fundamentally insecure.
Can't argue with that, because it's true. What I meant was that these particular vulnerabilities are very fundamentally difficult to pull off remotely.
 
Deleted member 158293
WHOOAA! Didn't realize this could be done in conjunction to speed up simple JavaScript attack vectors :eek:

Now, this has the potential to get real bad, relatively quickly and not just for servers once the hacking tools become more common and readily available.
 
I am sure AMD CPUs are affected too... This is not negligence, it is a principle bug. Every processor needs speculative execution, or else it will crawl. And that opens the gate to this kind of attack.
They just haven't found the AMD one yet.

It's funny that a similar comment above got down voted.
 
Deleted member 158293
Thinking I missed something. Where did you read that?

You can read through the research paper (tedious even if you understand it), but here is a good summary of how it could be done.

Basically, in principle (until systematically proven, but by the looks of it, it sure seems likely) the exploit can run at the same time as a simple web site JavaScript.

i.e. the exploit can lift the information from server memory operations when, let's say... it could be comparing passwords in memory for authorization, and feed it back to the running JavaScript, which could just use it in a brute force attack, without needing the brute force anymore.

Do this fast enough even 2FA could be exploited.
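An added example, not code from the thread or from the research paper it refers to, showing why the "runs alongside web site JavaScript" angle mattered and what the browser-side mitigation looks like: a timing side channel has to tell a cache hit from a cache miss, a difference of roughly 100 ns, and coarsening the clock (as Firefox and Chrome did to performance.now() after the speculative-execution disclosures) makes that difference invisible to a single measurement. The hit/miss timings and the clock granularities below are constructed illustrative values, not measurements.

```javascript
// Added example (not from the thread). Models the effect of coarsening a
// JavaScript timer on a cache-timing side channel. All timings are
// constructed sample values in nanoseconds.

// Round a timestamp down to a multiple of the clock granularity, which is
// what a browser does when it reduces the resolution of performance.now().
function coarsen(tsNs, granularityNs) {
  return Math.floor(tsNs / granularityNs) * granularityNs;
}

// Duration an observer sees when both endpoints come from the coarse clock.
function observedDuration(startNs, durationNs, granularityNs) {
  return coarsen(startNs + durationNs, granularityNs) - coarsen(startNs, granularityNs);
}

// Step the start time across one full clock tick and count how often the
// coarse clock reports different durations for a hit and a miss. That
// fraction is the per-measurement chance the side channel learns anything.
function distinguishableFraction(hitNs, missNs, granularityNs) {
  let distinguishable = 0;
  for (let offset = 0; offset < granularityNs; offset++) {
    if (observedDuration(offset, hitNs, granularityNs) !==
        observedDuration(offset, missNs, granularityNs)) {
      distinguishable++;
    }
  }
  return distinguishable / granularityNs;
}

// Constructed sample timings: ~40 ns cache hit vs ~200 ns DRAM miss.
const CACHE_HIT_NS = 40;
const CACHE_MISS_NS = 200;

// Compare a nanosecond clock, a 1 µs clock and a 100 µs clock.
function demo() {
  const rows = [1, 1000, 100000].map((g) => ({
    granularityNs: g,
    fraction: distinguishableFraction(CACHE_HIT_NS, CACHE_MISS_NS, g),
  }));
  for (const r of rows) {
    console.log(`granularity ${r.granularityNs} ns -> hit/miss distinguishable in ${r.fraction} of measurements`);
  }
  return rows;
}

demo();
```

With a nanosecond clock every measurement separates hit from miss; at 100 µs granularity only about 0.16% of measurements do, which is why attackers need many repetitions (and why jitter was added on top of coarsening) and why a coarse clock alone is a mitigation, not a fix.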
 
You can read through the research paper (tedious even if you understand it), but here is a good summary of how it could be done.

Basically, in principle (until systematically proven, but by the looks of it, it sure seems likely) the exploit can run at the same time as a simple web site JavaScript.

i.e. the exploit can lift the information from server memory operations when, let's say... it could be comparing passwords in memory for authorization, and feed it back to the running JavaScript, which could just use it in a brute force attack, without needing the brute force anymore.

Do this fast enough even 2FA could be exploited.

The problem is that the attacker needs to get the script on the server to begin with. That requires at least successfully exploiting one other vulnerability, which is likely going to be XSS (cross-site scripting) because a ridiculously high number of sites are vulnerable (read: nearly any).
 
Deleted member 158293
The problem is that the attacker needs to get the script on the server to begin with. That requires at least successfully exploiting one other vulnerability, which is likely going to be XSS (cross-site scripting) because a ridiculously high number of sites are vulnerable (read: nearly any).

Or maybe turn it around to the user's computer using a password manager, which is probably much easier to infect than a "well patched" server.

The possibilities are wide open at this point. The more I'm reading, the more this seems like the most flexible exploit I've seen in a very long time.
 
Or maybe turn it around to the user's computer using a password manager, which is probably much easier to infect than a "well patched" server.

The possibilities are wide open at this point. The more I'm reading, the more this seems like the most flexible exploit I've seen in a very long time.

JavaScript will be the scourge of the internet for a while. The problem with the web is that the insecurity is built into the HTTP protocol itself, as being an RFC-compliant server means you have to be backwards compatible with previous HTTP versions. Just look up HTTP 0.9 and then proceed to cry.
 
If it ain't broke, don't fix...
Still mourning the loss of that approach with software in the Internet era, but at least we haven't so far been 'forced' to unnecessarily upgrade PC hardware to maintain security.
 
lol Classic
 
In my opinion, it is great that security is finally getting highlighted. Now people will understand that 90% of businesses don't give two poos about protecting your data. This may not be a problem for consumers... until it is. Just remember the processors sitting in all those data centers holding all of your data. Then you find out that every piece of software and hardware you use on a daily basis makes Swiss cheese look like concrete, because security and privacy are the first things that get thrown out the window when the budget hammer comes down. Disgusting, frankly.

Truth be told, 9/10 users don't need to worry about this. Most of these attacks require people that actually know what they are doing. The morons will get sniffed out before they have a chance to do anything.

I find the biggest attention in threads like this is fans of both sides doing one-upmanship each time a new vulnerability is discovered. For example, if someone asks whether Corsair AIOs present a real world risk, I could do a web search and I'd find .... OK, it doesn't happen often, but it does happen, so that's not 100% ... you decide if it's worth the risk.

https://forums.tomshardware.com/threads/my-corsair-h60-exploded.326466/
https://www.reddit.com/r/buildapc/comments/4pxjp2/corsair_h100i_v2_exploded_on_my_3_day_old_build/

But if someone asks whether this or that vulnerability from AMD / Intel presents a risk ... I have yet to come up with any real world scenario where someone says "this happened to me".
 
You're quite right. It is very unlikely anyone will deal with this directly. But it could affect any of us indirectly.

Neither 'side' should gloat. Any CPU that performs speculative execution is flawed.
 
So in other words they discovered the NSA's back door.

Yeah, no. Timing-based attacks and stuff like this really aren't backdoors but incredibly advanced reverse engineering of an incredibly complex machine. If it's a backdoor, it's a helluva bad one.

Nah. This is likely a legitimate bug. The NSA backdoor is in the Intel Management Engine.
https://en.wikipedia.org/wiki/Intel_Management_Engine

See my post where I dissect and scrub the management engine from some ASRock boards. TL;DR: Even that is not really able to function as a backdoor.

So you would have to have code running on the machine that sits there looking for the moment when it can intercept a full address to a page in memory, and then grab that out of memory, in the hopes that it has sensitive data in there.

And after I grab that sensitive data and figure out how to use it, I will clean my house with a toothpick.

On datacenters that rent out servers this is a real issue. Suddenly anyone with a login that can execute anything can privilege escalate.

Beyond that, it's of limited scope.

If that were true, things like privilege escalation exploits wouldn't exist. The truth is, if someone wants your data, they will get it. No matter where it is. At home, a data center, your phone. The web is fundamentally insecure.

It's all about making the data harder to get than it is worth.

That barrier works. Things like this massively break down that barrier, though.

bulldozer it is not...

Piledriver it is

Begun, the clone wars has...

/yoda speak
 
You can read through the research paper (tedious even if you understand it), but here is a good summary of how it could be done.

Basically, in principle (until systematically proven, but by the looks of it, it sure seems likely) the exploit can run at the same time as a simple web site JavaScript.

i.e. the exploit can lift the information from server memory operations when, let's say... it could be comparing passwords in memory for authorization, and feed it back to the running JavaScript, which could just use it in a brute force attack, without needing the brute force anymore.

Do this fast enough even 2FA could be exploited.

It's posts like this that make this site laughable!!!! OH more FEAR PLEASE!!!!!!
 
I am sure AMD CPUs are affected too... This is not negligence, it is a principle bug. Every processor needs speculative execution, or else it will crawl. And that opens the gate to this kind of attack.
They just haven't found the AMD one yet.

It's funny that a similar comment above got down voted.
Pains me to say it, but you are likely correct. Intel has much higher market share and of course most people are going to try to target Intel architecture first.
 

hat

Pains me to say it, but you are likely correct. Intel has much higher market share and of course most people are going to try to target Intel architecture first.
I'm sure AMD will suddenly get lots more attention when/if EPYC makes a significant dent in Intel's market share in the server space...

It's like one of the oldest arguments for using Linux, or even Mac. "Everyone makes viruses for Windows! There are no viruses for Linux/Mac". Because Windows is by far the bigger target...
 
It's like one of the oldest arguments for using Linux, or even Mac. "Everyone makes viruses for Windows! There are no viruses for Linux/Mac". Because Windows is by far the bigger target...
Which we all know is a load of nonsense. There are even Unix and BSD viruses/malware.
 
hat

Probably. 10 years ago I didn't question that statement, but today I am aware that, even though Windows is still by far the most popular desktop OS, Linux is in heavy use in server environments. Surely it's a big enough target for someone to bother with?
 
Which we all know is a load of nonsense. There are even Unix and BSD viruses/malware.

Personally, I'm more afraid to run an unpatched Linux server than a Windows one.

Why? One word. Root. Root is way too powerful.
 
Personally, I'm more afraid to run an unpatched Linux server than a Windows one.

Why? One word. Root. Root is way too powerful.
While you have a point, there are measures and fail-safes that can and do protect from such problems.
 